AD Trust question

[Chiefcrowe]

If I have one domain that is windows 2003 and one that is W2K, and they are trusted, am I supposed to be able to add a user/group from the 2K domain to a group in the 2003 domain? I thought that was the case but when I tried it, it doesn’t see the 2K domain.

 

[Nothinman]

I believe so, but my experience is trusts is pretty limited. Have you verified the trust direction?

 

[IndyColtsFan]

IIRC, you can only add a user from another domain to a local group, not a global group. If the other domain is within the same forest, you can add them to a universal group as well as IIRC, the global catalog will help enumerate those users.

A quick test is to try adding a user from the 2K domain to the NTFS permissions of a folder on the domain controller's local drive. Are you able to see the 2K domain and add the user? If not, you have an issue with the trust.

RebateMonger or someone else can correct me if I'm wrong; it has been a few years since I managed a domain with multiple trusts.

 

[RebateMonger]

Sorry, don't look at me (grin). My only experience with Trusts is playing with them for exams. The servers I work with mostly don't allow Trusts.